You can define MFA settings for end users, such as the maximum number of methods that a user can set up for authentication, authentication method selection, as well as account lockout settings. These settings are applied at the environment level.
- Go to .
- For MFA status for new users, specify whether MFA should be enabled by default for a user when their account is created.
- For Maximum allowed methods, select the maximum number of authentication methods that users can set up for their accounts. The default is 5. Users can have multiple authentication methods using the same device. For example, an end user could have SMS, voice, biometrics, and an authenticator app all on a single mobile device.
Note: If you reduce the maximum value, existing methods are not affected. For example, if a user has 4 authentication methods set up, but you reduce the maximum number to 3, the user will not have to remove an existing authentication method.
- If some of your users will be pairing devices that have phone numbers with extensions, set the Phone numbers with extensions option to Enabled.
- For Account lockout, enter or edit the following:
  - Account lockout. The maximum number of incorrect MFA authorization actions a user can attempt (such as entering an incorrect OTP or declining a push confirmation on a mobile device) before the account is locked.
    Note: This value includes MFA authentication attempts across all configured devices.
  - Account lockout duration. The amount of time (in seconds) to keep the account locked after the failure count is exceeded. The account will automatically unlock after the specified time passes.
- Select the type of key to use for pairing of devices: 12-digit numeric key or 16-character alphanumeric key.
- Click Save.
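The following Python model is an added example, not the product's own code. It illustrates how the two lockout settings interact: failures are counted per account across every device, and the lock clears on its own once the duration passes. The class and function names are hypothetical, and two behaviours are assumptions the page does not state: the account locks when the failure count reaches the configured maximum, and a successful authentication resets the counter.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class LockoutPolicy:
    failure_count: int     # the "Account lockout" value
    duration_seconds: int  # the "Account lockout duration" value


@dataclass
class AccountState:
    failures: int = 0
    locked_until: Optional[float] = None


class MfaLockoutModel:
    """Hypothetical model of account-level MFA lockout."""

    def __init__(self, policy: LockoutPolicy) -> None:
        self.policy = policy
        self.accounts: Dict[str, AccountState] = {}

    def is_locked(self, user: str, now: float) -> bool:
        st = self.accounts.setdefault(user, AccountState())
        # Automatic unlock once the configured duration has passed.
        if st.locked_until is not None and now >= st.locked_until:
            st.locked_until, st.failures = None, 0
        return st.locked_until is not None

    def attempt(self, user: str, device: str, success: bool, now: float) -> str:
        if self.is_locked(user, now):
            return "locked"  # even a correct OTP is refused while locked
        st = self.accounts[user]
        if success:
            st.failures = 0  # assumption: success resets the counter
            return "ok"
        # 'device' is ignored on purpose: one counter per account, so
        # switching methods does not grant extra attempts.
        st.failures += 1
        if st.failures >= self.policy.failure_count:  # assumption: lock at the maximum
            st.locked_until = now + self.policy.duration_seconds
            return "locked"
        return "failed"


def run_demo() -> List[str]:
    # Constructed sample: 3 allowed failures, 600-second lockout.
    model = MfaLockoutModel(LockoutPolicy(failure_count=3, duration_seconds=600))
    events = [("sms", False, 0), ("voice", False, 5), ("app", False, 10),
              ("app", True, 20), ("app", True, 610)]
    return [model.attempt("alice", d, ok, t) for d, ok, t in events]
```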